win.rhadamanthys (Back to overview)


According to PCrisk, Rhadamanthys is a stealer-type malware, and as its name implies - it is designed to extract data from infected machines.

At the time of writing, this malware is spread through malicious websites mirroring those of genuine software such as AnyDesk, Zoom, Notepad++, and others. Rhadamanthys is downloaded alongside the real program, thus diminishing immediate user suspicion. These sites were promoted through Google ads, which superseded the legitimate search results on the Google search engine.

2023-01-16Medium elis531989Eli Salem
@online{salem:20230116:dancing:3a33ea6, author = {Eli Salem}, title = {{Dancing With Shellcodes: Analyzing Rhadamanthys Stealer}}, date = {2023-01-16}, organization = {Medium elis531989}, url = {}, language = {English}, urldate = {2023-01-16} } Dancing With Shellcodes: Analyzing Rhadamanthys Stealer
@online{cyble:20230112:rhadamanthys:c1e900e, author = {Cyble}, title = {{Rhadamanthys: New Stealer Spreading Through Google Ads}}, date = {2023-01-12}, organization = {Cybleinc}, url = {}, language = {English}, urldate = {2023-01-16} } Rhadamanthys: New Stealer Spreading Through Google Ads
2022-01-03Malware Traffic AnalysisBrad Duncan
@online{duncan:20220103:20230103:d0e003c, author = {Brad Duncan}, title = {{2023-01-03 (TUESDAY) - GOOGLE AD --> FAKE NOTPAD++ PAGE --> RHADAMANTHYS STEALER}}, date = {2022-01-03}, organization = {Malware Traffic Analysis}, url = {}, language = {English}, urldate = {2023-01-06} } 2023-01-03 (TUESDAY) - GOOGLE AD --> FAKE NOTPAD++ PAGE --> RHADAMANTHYS STEALER

There is no Yara-Signature yet.